Secretariat Audit and Risk Committee Report to the Assembly Commission Year Ending 31 March 2020

Download a PDF version of this report


Chairperson's Foreword

I am pleased to present the Annual Report for 1 April 2019 to 31 March 2020 on behalf of the Secretariat Audit and Risk Committee (SARC). This Report describes how SARC fulfilled its role of providing support and advice to the Northern Ireland Assembly Commission (the Assembly Commission) and the Clerk/Chief Executive in order to promote sound governance, internal control, and risk management arrangements. In line with the Assembly Commission’s policy of openness and accessibility, SARC Annual Reports and the minutes of SARC meetings are placed on the Assembly Commission website.

I would like to express my appreciation and thanks to Jim Wells MLA, Commission Member, for his valued work during this reporting period up until 11 January 2020 and welcome Keith Buchanan MLA who joined SARC on 19 February 2020 as Commission Member. I look forward to working with Keith over the next year.  I would also like to express my appreciation and thanks to Derek Martin for his continued support and professionalism as the SARC Independent Member and to Ashleigh Mitford, former Governance Officer, for carrying out the role of SARC Secretary until she left to take up other employment at the end of December 2019.  

SARC’s work has for a third reporting period, been mainly set in the context of political uncertainty for the Northern Ireland Assembly (the Assembly), with no Assembly sittings having taken place until 11 January 2020.  Although the need to maintain a constant state of readiness throughout the three-year political hiatus imposed a strain on the organisation, I would like to take this opportunity to commend the work of the Assembly Commission Secretariat (the Secretariat) for an impressive performance in successfully facilitating the resumption of parliamentary activity. This was particularly impressive given the short notice of resumption, and the large number of vacancies that had arisen over the period when there was no parliamentary activity.

Over the course of the year, SARC has also been impressed by the diligence of the Secretariat in conducting regular self-assessment exercises in the areas of anti-fraud and bribery which includes whistleblowing, cyber security, and risk management.  SARC has noted the action plans that have arisen from these exercises and the clear progress illustrated by way of regular monitoring and reporting of progress against the action plans.  In addition, we noted regular reviews of relevant policies such as the Whistleblowing Policy and Investigative Procedure.

At each meeting, SARC is presented with a report outlining audit recommendations made, implemented, and outstanding.  This enables it to form a clear view of the effort that management invests in continually developing the governance, control and risk arrangements in the organisation and adds considerable value to SARC.

As part of the consideration of the 2018/19 Annual Report and Accounts SARC received a comprehensive overview of the financial statements, including a comparison with the prior year and current year’s budgets; considered the clarity and completeness of the information, taking in to account key accounting policies, assurances about the financial systems, and the quality of the control arrangements over the preparation of the accounts; and received a full briefing on the external audit prior to recommending their approval by the Accounting Officer.

Monitoring of the budget during the year was sound and effective, and the preparation of final accounts was undertaken quickly and professionally. There were no significant variations in the outturn and no unexpected surprises. This is further evidence of a sound internal control environment, compliance with accounting standards and good corporate governance.

Over the course of the year SARC received regular updates from the (Acting) Head of Internal Audit regarding output and progress against the 2019/20 Internal Audit Plan.  There have been improvements in Audit planning of late and SARC is pleased to see these continue. The Internal Audit Unit was adversely affected by unanticipated staff resource shortage for the final quarter of the year and the Internal Audit Plan was consequently amended with the approval of the Clerk/Chief Executive and ratification of SARC.  SARC was content that the amended plan provided sufficient scope and coverage to allow the provision of meaningful assurance at year-end. 

SARC is of the opinion that the delivery of the 2019-20 Internal Audit Plan, reviewed and monitored by SARC, has provided for a robust level of assurance, limited only by the lack of procedural parliamentary business and associated audit coverage. The plan has been successfully achieved, with all fieldwork completed by the end of March 2020. 

SARC was pleased to receive the results of the Internal Audit Unit’s Internal Quality Assurance review in May 2019, and noted the high degree of conformance with the Government Internal Audit Standards and the development of a Continuous Improvement Plan which has resulted in a revised Internal Audit Charter and the development of an Internal Audit Strategy which sets a direction for Internal Audit for the future.  An External Quality Assurance review was carried out by the Head of Risk and Assurance of the Welsh Parliament earlier in 2020 and we await publication of the report which has been delayed by the COVID-19 situation.  This is an important exercise in ensuring that assurance procedures are fit for purpose and enhances the assurance that we provide.

I am pleased to report that the Assembly Secretariat has developed and maintained a strong culture of accountability throughout the organisation and wisely continues to use the Internal Audit function as a business improvement tool.

As part of our ongoing consideration of risk management procedures, the Corporate Risk Register was reviewed at each meeting and SARC’s annual review of Directorate Risk Registers took place in May 2019.  Stewardship Statements were reviewed for each Directorate in May 2019, October 2019 and July 2020.  All of this information indicates that a constructive and practical approach to risk management is embedded within the organisation and, again, contributes to the assurance that can be provided.

SARC has completed a self-assessment exercise for the year ending 31 March 2020. The assessment template is based on the National Audit Office’s checklist for Audit Committees.  We also include comments on SARC’s effectiveness from the Northern Ireland Audit Office’s representative.  The findings confirm that SARC is fully compliant with best practice.  I am also pleased to report that SARC achieved all of its targets.

In addition to the challenges posed by a return to normal Assembly business, the Secretariat has also had to deal with the unprecedented challenges presented as a result of the worldwide Coronavirus pandemic. I have noted that in order to protect the health and safety of staff and ensure that Public Health Agency and Government Guidance and Regulations were strictly adhered to, the Clerk/Chief Executive established a multidisciplinary COVID-19 Response Group and arrangements were quickly implemented to allow the majority of staff to work from home for the majority of the time. I have also noted that Assembly and Committee business has continued throughout this period. This further disruption to the work of the Assembly was particularly challenging since many staff members were only recently returned to the Assembly from secondment elsewhere. In addition, there were over 50 vacancies which could not now be safely filled. With Members returning to Government, there were heightened challenges to establish safe working arrangements whilst maintaining full support to Members and open and accessible Assembly arrangements.

I would like to thank the staff for their professionalism, courage and resilience and I extend my best wishes to staff, their families and friends as we all begin to emerge from this difficult time.

It is also important to acknowledge the work of the Assembly and the Assembly Commission arising from the United Kingdom’s withdrawal from the European Union and the publication of the “New Decade, New Approach” deal. In addition, there will be a backlog of Private Members’ Bills and renewed impetus for social and political change. These would be formidable challenges in more normal times and the coronavirus makes this harder, at least initially. I am confident that the Assembly management and staff will rise to these challenges. 

I am grateful to the Assembly Commission for its support and for allowing the SARC Chairperson, or the Independent Member, to attend its meetings and to contribute to its discussions throughout the year. This is very helpful in providing a broader perspective for the work of SARC.  I look forward to continuing the practice of the SARC Chairperson meeting annually, in private, with the Assembly Commission to discuss matters pertaining to SARC.

Finally, my thanks go to the Clerk/Chief Executive and the staff of the Assembly Secretariat for their ongoing support to SARC in the achievement of its objectives.  





The Secretariat Audit and Risk Committee (SARC)

Progress of SARC 2019-2020

Internal Audit Activity 2019-20

NI Assembly Accounts 2018-2019

Evaluation of SARC 2019-20

Internal Audit Plan


Annex A: Definition of Audit Ratings



1. Introduction

This Report provides the Northern Ireland Assembly Commission (the Assembly Commission) with an account of the activity and achievements of the Secretariat Audit and Risk Committee (SARC) in 2019-2020 in relation to its objectives for that year. 



2. Secretariat Audit and Risk Committee (SARC)

SARC plays an important role in the overall system of corporate governance in the Assembly Commission. SARC is independent of the Assembly Commission Secretariat (the Secretariat) and aims to support the Clerk/Chief Executive in her role as Accounting Officer.  It also provides independent support to the Assembly Commission in monitoring its responsibilities for issues of risk, control and governance and by reviewing the comprehensiveness of assurances. 


2.1 Membership 2019-20

Jim Brooks - Independent Chairperson

Derek Martin - Independent Member

Jim Wells MLA - Assembly Commission Member until 11 January 2020

Keith Buchanan MLA - Assembly Commission Member commencing 19 February 2020


2.2 Meetings

SARC meets at least four times a year, although the Chairperson may convene additional meetings should he feel that this is necessary.  During 2019-20, SARC met four times. Attendance was as follows:

MemberMeetings attended

Jim Brooks


Derek Martin


Jim Wells MLA


SARC meetings are normally attended by the Accounting Officer, all Directors, the acting Head of Internal Audit, the Head of Finance and one or more representatives from the Northern Ireland Audit Office.  Secretarial support is provided by the Legal, Governance and Research Services Directorate.

The Chairperson or the Independent Member of SARC attends meetings of the Assembly Commission as observers. Jim Brooks attended meetings of the Commission on 24 June 2019, 16 December 2019 and 19 February 2020. Derek Martin attended the Commission meeting on 5 November 2019.


2.3 Training

The Chairperson and Independent Member have continued to become more familiar with business areas throughout the Assembly Secretariat. Given the comprehensive induction training provided on appointment and existing knowledge and experience, no formal training was deemed necessary throughout the year.


2.4 Management Information Systems and Controls

At its meetings, SARC is provided with a number of analyses and reports including: 

  • A log of all outstanding Audit Recommendations together with a statement of the status of each and a target date for completion. This is used to monitor progress and ensure that recommendations are implemented in a timely manner.
  • Changes to the Corporate Risk Register and any areas of concern. SARC monitors the actions taken by the Secretariat Management Group to manage the Corporate Risks to ensure they remain relevant and that appropriate mitigating actions are taken.
  • Copies of Stewardship Statements, completed for each Directorate, are submitted to SARC for information every six months.
  • A progress report from the Head of Internal Audit summarising:
    • Work performed and a comparison with work planned;
    • Key issues emerging from Internal Audit work;
    • Management responses to audit recommendations;
    • Changes to the Internal Audit Plan;
    • An opinion on the overall level of assurance pertaining to the financial year; and
    • Any resource issues affecting the delivery of Internal Audit objectives.
  • Progress reports from the Northern Ireland Audit Office (NIAO) representative summarising work done and emerging findings.
  • The Internal Audit Charter (October 2019)
  • Head of Internal Audit’s Annual Opinion and Report (May 2019)
  • Quality Assurance reports on the Internal Audit function (May 2019).
  • The draft accounts of the Assembly Commission (May/June 2019)
  • The draft Governance Statement (May/June 2019)
  • A report on any changes to accounting policies. (when applicable)
  • The NIAO’s Report to Those Charged with Governance. (June/October 2019)
  • The NIAO Audit Strategy (February 2020)
  • The Assembly Commission’s Risk Management Strategy (June 2019)
  • Fraud and Bribery Self-Assessment Checklists, Bribery Risk Assessment and Action Plan. (February 2020)
  • Whistleblowing Policy (October 2019)
  • Organisational risk management self-assessments (February 2020)

SARC is satisfied with the comprehensiveness, reliability and integrity of assurances, the quality of audit, financial reporting and the management of risk.  SARC members considered the contents of a draft Governance Statement at the SARC meetings on 15 May and 19 June 2019.



3. Progress of SARC in 2019-2020


3.1 Performance against key objectives


To ensure the effective implementation of audit recommendations, including External and Internal Quality Assurance recommendations

Continued success in the timely implementation of audit recommendations.  Of the 30 recommendations made during the year, 23 have already been implemented.

To oversee the handling of key risk areas by the Secretariat to ensure that risk is being appropriately managed and value for money secured.

To keep under review any risks arising from organisational change / the political situation, where appropriate, and any issues arising out of the work of the Independent Financial Review Panel or the Reaney Review.

Corporate Risk Register reviewed at SARC meetings.  The economical, effective and efficient use of resources is considered as part of the ongoing audit programme.

Corporate Risk Register reviewed at SARC meetings. Directorate Risk Registers are reviewed annually.

Independent Financial Review Panel currently not established.

To oversee the timely sign-off of the Annual Report and Accounts.

Following the SARC meeting on 18 June 2019, SARC members recommended that the Accounting Officer sign the 2018-19 Annual Accounts.

To promote best practice where possible in the operation of SARC.

The Terms of Reference for SARC were reviewed by SARC on 16 October 2019 and are based on the requirements of the HM Treasury Audit and Risk Assurance Committee guidance of March 2016 / Audit and Risk Assurance Committee Handbook NI.  

SARC has completed a self-assessment exercise for the year ending 31 March 2020. The assessment template is based on the National Audit Office’s checklist for Audit Committees.

SARC members bring experience from other Boards and Committees, undertake training as necessary and keep abreast of updates and guidance.



4. Internal Audit Activity 2019-20


4.1 Details of Internal Audit reports considered by SARC since 1 April 2019 are outlined below.  Risk Rating Definitions are attached at Annex A.


Review of Members Expenses 2018/19 (Interim Testing)



Review of Compliance with GDPR



Review of Support Services



Review of Legal Services



Review of Members Expenses 2018/19 (Final Testing)



Review of Events



Review of Planned and Reactive Maintenance



Review of Payroll



Review of Members Expenses 2019/20 (Interim Testing)



Review of Broadcasting Infrastructure




Follow-up reports have been considered as follows: 


Review of the Roof Project



Review of Corporate Governance



Research and Information Services (RaISe)



Usher Services



Review of Public Engagement Unit



Follow-up Review of Legal Services



Follow-up Review of the Assembly Members Pension Scheme



Work ongoing: 


Members’ Services - Administration of Members Expenses

Draft report undergoing quality assurance.

IA – External Review

The review has been carried out.  Reporting delayed by impact of COVID-19.

Mobile phones

Fieldwork completed.  Report undergoing drafting

Cyber Security

Drafting stage

Secretariat Travel

Drafting Stage

Assembly Members Pension Scheme

Drafting stage

Support Services

In progress


4.2 Key Issues

SARC noted that the review of Broadcasting Infrastructure resulted in the provision of limited assurance.  The report raised a significant issue relating to risk associated with the resilience of the broadcasting infrastructure and Internal Audit’s inability to provide assurance over measures to prevent its operational failure in the short-term.  The report acknowledges that this is a legacy issue which management was aware of, as evidenced by its inclusion in the Corporate Risk Register.  We were pleased to note that mitigation measures have been planned, for example the Corporate Plan 2019 – 23 includes a refresh of Assembly broadcasting infrastructure, along with other measures to reduce the risk of operational failure.  Given the nature of this issue, and the planned mitigating actions, the acting Head of Internal Audit has confirmed that it does not have a material impact on the overall level of assurance.

Recommendations were made in respect of each of the assignments completed by Internal Audit in order to enhance control, governance and risk management arrangements. The findings and recommendations of each review were discussed at SARC meetings and, apart from the instance described above, no significant issues have arisen.  The rate of acceptance and implementation of recommendations remains high and has helped to maintain the overall level of assurance at satisfactory.

On the basis of the final reports issued to date, the results of the audits carried out resulted in substantial (3), satisfactory (6), and limited (1) levels of assurance.  Follow-up audit results were either substantial (6) or satisfactory (1).  Although the assurance levels in respect of draft reports have yet to be confirmed formally, the results of those audits have contributed to the acting Head of Internal Audit’s opinion on the overall level of assurance.



5. NI Assembly Accounts 2018- 19

Based on an examination of the Annual Report and Accounts, and the Report to Those Charged with Governance, SARC members, following the SARC meeting on 18 June 2019, recommended that the Clerk/ Chief Executive sign the 2018-19 accounts.  SARC members appreciated the work of the Assembly Secretariat and NIAO staff involved in delivering the accounts to timetable.



6. Evaluation of SARC 2019-2020

On 8 July 2020, SARC members completed a self-assessment checklist for 2019-20; SARC was fully compliant in all areas.



7. Internal Audit Plan 2019-2020

The draft Internal Audit plan and associated resource plan was approved by SMG in April 2019 and noted by SARC in 15 May 2019. 



8. Conclusion

SARC is satisfied that it has discharged its duties as guided by its Terms of Reference.  Given this, and taking into account the work of Internal Audit, the Northern Ireland Audit Office, and assurances provided to it, SARC is satisfied that it provides sufficient assurance to the Assembly Commission and to the Accounting Officer, in the discharge of accountability obligations. SARC is pleased to note the overall Satisfactory level of assurance from the acting Head of Internal Audit for 2019/2020.





Definition of Audit Ratings

Substantial - There is a robust system of risk management, control and governance which should ensure that objectives are fully achieved.

Satisfactory - There is some risk that objectives may not be fully achieved. Some improvements are required to enhance the adequacy and / or effectiveness of risk management, control and governance.

Limited - There is considerable risk that the system will fail to meet its objectives. Prompt action is required to improve the adequacy and / or effectiveness of risk management, control and governance.

Unacceptable -  The system has failed or there is a real and substantial risk that the system will fail to meet its objectives. Urgent action is required to improve the adequacy and / or effectiveness of risk management, control and governance.

Find MLAs

Find your MLAs

Locate MLAs


News and Media Centre

Visit the News and Media Centre

Read press releases, watch live and archived video

Find out more

Follow the Assembly

Follow the Assembly on our social media channels

Keep up-to-date with the Assembly

Find out more

Useful Contacts

Contact us

Contacts for different parts of the Assembly

Contact Us